Despite healthy investments in security products and staffing over the past 10 years, most CISOs are not confident that they can stop cyber thieves from compromising their networks and stealing data. This is the finding of a survey of over 1,600 IT security managers in the UK, US, and the DACH region (Germany, Austria & Switzerland). The situation is so dire that Gartner recently published a report entitled: “Malware Is Already Inside Your Organisation; Deal With It”.
What is causing such a monumental failure? In large part, IT security managers are fighting the last war. The enterprise IT environment has grown in complexity over the past few years, and the IT security systems have not adjusted to the changes. Here is a summary:
- Identification of risks on your network is too slow: Most existing security systems tools scan for risks weekly or monthly, and often miss risky mobile devices that come onto your network for a short time, then leave.
- Identification of risks on your network is incomplete: Most security systems were designed to secure corporate-owned devices, not personally owned devices.
- Detection of security breaches on your network is too slow: The security firm Mandiant reported in 2014 that the average time it takes a large enterprise to discover that they have been breached is 229 days. This is ample time for the bad guys to steal huge quantities of data from your network.
- Response and containment is too slow: Once a breach has been detected, it typically takes days for IT organisations to respond, if they respond at all. The culprit here is lack of automation. Many security tools issue alerts, and these alerts need to be acted upon by an IT manager, who may already be receiving hundreds or thousands of alerts each day. This was the case of the recent breach of the Target department store chain in the U.S.; millions of credit card numbers were eventually stolen, despite the presence of alerts in the security control room.
- Coordination across security systems is lacking: Each system typically operates as a separate silo of information, and don’t communicate very effectively with each other. This robs IT security managers of critically needed synergies, and it weakens the effectiveness of each security control.
This situation must change. We need to start “thinking different” about security. A recent survey conducted by Enterprise Strategy Group showed that 44 percent of enterprises said they wanted to move toward a more integrated security architecture in the next 24 months. The desired state is for all the security products to talk with one another, share information and operate as one big effective security army.
A good model to follow would be similar to what is developing in the mapping industry, to the benefit of all. Modern mapping applications take information from disparate sources—cell towers, police reports, other mapping applications, and even end-users—to allow drivers to avoid problems and take the fastest route.
IT security managers should demand change from their vendors. They should talk with one another. Synergise with one another. Provide greater automation across layers of security. And start thinking differently about security.